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DETAILED ACTION 



Drawings 



1 . New corrected drawings are required in this application because the drawings 
submitted are informal. Applicant is advised to employ the services of a competent 
patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no 
longer prepares new drawings. The corrected drawings are required in reply to the 
Office action to avoid abandonment of the application. The requirement for corrected 
drawings will not be held in abeyance. 

2. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) 
because reference character "85" has been used to designate both the step to open a 
response pipe upon successful method invocation which is diagramed on Figure 3 and 
the step to invoke the method lmpersonateNamedPipeClient() on Figure 2. A proposed 
drawing correction or corrected drawings are required in reply to the Office action to 
avoid abandonment of the application. The objection to the drawings will not be held in 
abeyance. 



1 . The disclosure is objected to because of the following informalities: on page 4, 
line 7, the indefinite article "an" should be replaced with "a". Appropriate correction is 
required. 



Specification 
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2. The use of the trademarks JAVA, WINDOWS, SUN MICROSYSTEMS, 
ACTIVEX, VISUAL BASIC, MICROSOFT, INTEL, NETSCAPE NAVIGATOR have been 
noted in this application. They should be capitalized wherever they appear and be 
accompanied by the generic terminology. 

3. Although the use of trademarks is permissible in patent applications, the 
proprietary nature of the marks should be respected and every effort made to prevent 
their use in any manner which might adversely affect their validity as trademarks. 

Claim Objections 

1 . Claim 7 is objected to because of the following informalities: in claim 7, the 
phrase "identifier is send by" should be "identifier is sent by". Appropriate correction is 
required. 



Claim Rejections - 35 USC §112 

1 . The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 6 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

3. Claim 6 discloses that the request defined in claim 1 is issued by the login 
service defined in claim 3. However, 2 distinct operations are requested in claim 1: "a 
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login request" and "a request for a native operating system identifier". Applicant must 
distinctly identify to which request the claim is referring. 

4. Claims 2, 10, 12, 13, 16, 18, 21, 22, and 23 are rejected under 35 U.S.C. 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

5. As per claim, the presence of the trademarks or trade names JAVA, WINDOWS 
NT, ACTIVEX, and VISUAL BASIC are not proper under 35 U.S.C. 112, second 
paragraph (see 37 CFR 2173.05(u)). 

6. If a trademark or trade name is used in a claim as a limitation to identify or 
describe a particular material or product, the claim does not comply with the 
requirements of the 35 U.S.C. 112, second paragraph. Ex parte Simpson, 218 USPQ 
1020 (Bd: App. 1982) . The scope of the claim is uncertain since the trademark or trade 
name cannot be used properly to identify any particular material or product. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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2. Claims 1, 3-8, 11, 17, 19, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bittinger U.S. Patent No. 6,453,362 in view of Ault U.S. Patent No. 
5,974,566 (hereinafter Ault). As per claim 1 , Bittinger covers a method for enabling a 
request from a client program on one machine to access a program on a remote 
application server on another machine comprising the following steps: 

1) listening for a request for login credentials (see Bittinger, col. 7, lines 10-26); 

2) responsive to a login request, making a request for a server stub (see 
Bittinger, col. 7, liens 41-45); 

3) sending the stub to the client program (see Bittinger, col. 7, lines 45-47; col. 8, 
lines 20-21); 

4) using the stub to instantiate a server skeleton (see Bittinger, Figure 3, 
reference numbers 35 and 36); and 

5) using the server skeleton to enable the client program to access the resource 
(see Bittinger, Figure 3, reference number 36). 

Moreover, although Bittinger does not describe the request from the client program as 
one from untrusted code, the remote application server includes an authentication 
server to verify the identity of the user (see Bittinger, col. 7, lines 8-21 ). Inherent in this 
feature is a protocol to verify the trustworthiness of the client. Finally, the above use of 
the term 'server stub 1 is interchangeable with the term 'operating system identifier' and 
the term 'server skeleton* with 'credential object 1 . However, Bittinger is silent on the 
matter of having the credential object login to the operating system. Ault does teach 
that it is well known in the art that credential objects are used to authenticate a user 
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through a 'DCE' login facility to access files on UNIX OS (see Ault, col. 5, lines 47-65). 
It would be obvious to one of ordinary skill in the art at the time the invention was made 
to have the credential object in the invention disclosed by Bittinger to login for the client 
to access the server's resource. The motivation for using the credential object to login 
the client to the server's resource is derived from the notion of reuse: Ault teaches that 
by storing the user profile information in an object, the information is locally retained and 
enables instantaneous verification of the client for the duration of the user's session and 
hence incurs performance benefits (see Ault, col. 10, lines 15-21). 

4. As per claim 3, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 1 rejection under 35 U.S.C. 103(a). In addition, the listening step is performed by 
a login service (see Bittinger, col. 7, lines 18-20). 

5. As per claim 4, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 3 rejection under 35 U.S.C. 103(a). In addition, the login service listens for 
requests on a socket (see Bittinger, col. 7, lines 13-18). By definition, named pipes are 
simply connections to transport data between two processes. Hence, a socket listening 
on a port is equivalent to a pipe named by an application. 
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6. As per claim 5, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 3 rejection under 35 U.S.C. 103(a). In addition, the login service listens for 
requests issued via RMI (see Bittinger, col. 4, lines 25-27). RMI is a JAVA specific 
model for remote procedure calls. 

7. As per claim 6, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 3 rejection under 35 U.S.C. 103(a). In addition, Bittinger specifies that the 
operating system identifier is requested by the application resident during initialization 
and prior to the client's access of the server's resources (see Bittinger, Figure 3, 
reference number 30; col. 7, lines 36-49). Since a login service encompasses user 
verification and the resulting initialization of programs dedicated to servicing the user, 
the invention disclosed by Bittinger covers claim 6. 

8. As per claim 7, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 1 rejection under 35 U.S.C. 103(a). Moreover, since the socket interface accepts 
and delivers messages over a TCP connection (see Bittinger, col. 7, lines 13-18), the 
OS identifier sent over to the client by the socket interface is effectively being sent over 
a response pipe. 
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9. As per claim 8, Bittinger covers a method for enabling a program written in 
untrusted code to access a native operating system resource as outlined above in the 
claim 1 rejection under 35 U.S.C. 103(a). In addition, Bittinger discloses that after the 
authentication server on the remote machine validates the login information supplied by 
the client, the request is forwarded to the server application whereupon the server stub 
is instantiated. The server application then sends acknowledgement of the client call as 
well as the server stub (see Bittinger, col. 8, lines 9-24). It is well known in the art that 
authentication frameworks encompass authentication and user management features. 
Therefore, the server stub is created in an authentication framework. 

1 0. As per claim 1 1 , claim 1 1 corresponds to claims 1,3,4, 6, 7, 8 and they do not 
teach or define above the information claimed in claims 1 , 3, 4, 6, 7, 8 and is therefore 
rejected under Bittinger for claim 1 1 for the same reasons set forth in the rejections of 
claims 1, 3, 4, 6, 7, 8. 

11. As per claims 17, 19, 20, they are apparatus claims corresponding to claims 1, 3, 
4, 6, 7, 8 and they do not teach or define above the information claimed in claims 1, 3, 
4, 6, 7, 8 and is therefore rejected under Bittinger for claims 17, 19, 20 for the same 
reasons set forth in the rejections of claims 1 , 3, 4, 6, 7, 8. 

12. Claims 9, 14 rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bittinger in view of Ault as applied to claim 8 above, and further in view of Itoi, 
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"Pluggable Authentication Module for Windows NT" (hereinafter Itoi). As per claim 9, 
Bittinger covers a method for enabling a program written in untrusted code to access a 
native operating system resource as outlined above in the claim 8 rejection under 35 
U.S.C. 103(a). Bittinger does not disclose that the authentication framework is a 
Pluggable Authentication Module. However, PAM is a popular alternative to modularize 
new methods and technologies into a security framework. Itoi discloses PAM as a way 
to make "authentication components replaceable, define[s] generic API for 
authentication mechanisms, and provide[s] single sign-on for users" (see Itoi, page 1 , 
section 2). Furthermore, Bittinger discloses that the totality of his invention can be 
implemented as software (see Bittinger, col. 8, lines 31-35). Therefore, it would be 
obvious to one of ordinary skill in the art at the time the invention was made to 
implement the invention residing on the server application resident as disclosed by 
Bittinger using the Pluggable Authentication Method approach. The motivation for such 
an implementation would be to modularize the features of the invention disclosed by 
Bittinger using a widely accepted API and hence hide low-level authentication 
mechanisms from application programmers. 

13. As per claim 14, it is an apparatus corresponding to claims 1 , 3, 4, 6, 7, 8, 9 and 
they do not teach or define above the information claimed in claims 1 , 3, 4, 6, 7, 8, 9 
and is therefore rejected under Bittinger in view of Ault and Itoi for claim 14 for the same 
reasons set forth in the rejections of claims 1,3,4, 6, 7, 8, 9. 
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2. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bittinger 
in view of Ault and Itoi as applied to claim 14 above, and further in view of Win U.S. 
Patent No. 6,182,142 and Tang U.S. Patent No. 6,298,370. As per claim 15, Bittinger 
covers a method for enabling a request from a client program on one machine to access 
a program on a remote application server on another machine as outlined above in the 
claim 14 rejection under 35 U.S.C. 103(a). Itoi also describes API functions pam_start() 
and pam_authenticate() which corresponds to login interfaces, and pam_end() which 
corresponds to an abort interface (see Itoi, page 2, table 2.2). Although Itoi is silent on 
the matter of defining a commit and logout API, the activity of logging out a user is tied 
with logging in a user. Since logout is a standard feature of an authentication 
framework (see Win, col. 9, lines 31-38 for an example of a logout operation in an 
authentication framework) and commit operations are used to permanently enforce prior 
operations in programs dependent on strict sequential operation (see Tang, col. 131, 
lines 45-53 for a typical use of a commit operation), it would be obvious to one of 
ordinary skill in the art at the time the invention was made to include commit and logout 
APIs in the set of APIs found in the invention disclosed by Bittinger. The motivation for 
including the commit and logout APIs would be to establish a protocol of behavior for 
both the commit and logout tasks. 

3. Claims 21 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Horstmann Core JAVA Volume l-Fundamentals (hereinafter Horstmann) in view of 
Frisch Essential System Administration 2 nd Edition (hereinafter Frisch). As per claim 21 , 
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Horstmann discloses a computer environment to enable JAVA programming for users 
on a computer (see Horstmann, chapter 2, "The JAVA Programming Environment"). 
Horstmann teaches several aspects to set up this environment including: installing the 
JDK, using a text editor, and setting environment variables (see Horstmann, page 23- 
25). Furthermore, Horstmann discloses two simple JAVA programs: a JAVA class that 
is a variation of the 'Hello World' variety for users to code, compile, and run on their 
computer (see Horstmann, page 52), as well as a JAVA class which adds two to an 
input string (see Horstmann, page 72). Horstmann is silent on the matter of enabling 
each program to run in an operating system thread as a different native operating 
system user. However, providing multiple users access on a single machine is a 
conventional OS feature. Frisch teaches how UNIX is devised to incorporate multiple 
users on a single OS (see Frisch, Chapter 5, 'User Accounts'). In addition, Frisch 
discloses a key feature of processes creation in UNIX: the owner of the process is the 
user who started it (see Frisch, page 46, 'Real and Effective User ID'). Finally, Frisch 
discloses that threads and processes are essentially the same (see Frisch, page 274, 
footnote). Hence, each user executing a JAVA class will effectively run each program in 
a thread as a different user. Therefore, it would be obvious to one of ordinary skill in the 
art at the time the invention was made to enable each JAVA program to run in an OS 
thread as a different user in the configuration disclosed by Horstmann. The motivation 
for enabling multiple users with JAVA programming environments is based on the gains 
in resource savings of having more than one user share an OS. 
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4. As per claim 23, Horstmann covers an application server as outlined above in the 
claim 21 rejection 35 U.S.C. 103(a). In addition, Frisch discloses several options to 
access remote systems including 'rlogin', 'telnet', and 'ftp' (Frisch, page 587, 4 th 
paragraph). In each case, a user logs into the OS remotely and executes any JAVA 
class file owned by the user. The aforementioned covers all of claim 23. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Azagury et al. U. S. Patent No. 6,529,962 discloses a method to preserve thread 
identity during remote calls. 

Ruehle et al. U.S. Patent No. 6,553,428 discloses a method to distribute object 
instantiation of native objects in JAVA. 

Bond et al. U.S. Patent No. 6,275,938 discloses a method for security 
enhancement for untrusted executable code. 

Kessler et al. U.S. Patent No. 6,157,961 discloses a client side stub interpreter. 

Schofield U.S. Patent No. 6,308,225 discloses a method for performing 
distributed object calls. 

Held et al. U.S. Patent No. 5,802,367 discloses a method and system for 
transparently executing code using a surrogate process. 

Regnier et al. U.S. Patent No. 5,689,708 discloses a client/server computer 
systems having control of client-based application programs. 



* 
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East et al. U.S. Patent No. 5,187,790 discloses a server impersonation of client 
processes in an object based computer operating system. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is 703-305-8289. 
The examiner can normally be reached on M-F 9:00 A.M. to 5:00 P.M.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone numbers 
for the organization where this application or proceeding is assigned are 703-746-9939 
for regular communications and 703-746-9939 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 
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